• The Flaming Yak (unregistered)

    They also said my father's name was too short. Damn the luck!

  • (cs)

    Wonder if they'd also complain about my high school mascot, the Demon...

  • (cs)

    heh

  • Cockey (unregistered)

    Can someone figure out why this might have happened? I suck at this stuff :P

    (CAPTCHA -- pointer, exactly what I need)

  • BA (unregistered) in reply to Cockey

    Beaver is a euphemism for a certain lady part.

  • (cs)

    It is things like this that actually reduce security.

    If I have to make things up like the school mascot or a new spelling for my mother's maiden name because the original is to long, what is the point? I'll never remember it, so instead I have to call in, give them something basic like my account number which any fool can get off of my checkbook. They no longer take SSN because "we can't use that for identification." So now all you need to do is steal someones checkbook, call in and claim you can't recall all those unvalid entries and get access. When they ask what some of them are you answer things like Beaver or Cocky.

    This things should never really be filtered. I mean who are they trying to protect? Who, other then the account holder sees this info? If I'm not offended who else would be? Also please realize that some people really do have last names longer than 10 characters.

  • David C. (unregistered)

    Reminds me of a web filter that blocked my resume as pornographic because it has the phrase "cum laude" on it.

  • Sarkie (unregistered)
    [image]

    Will probably help :)

  • Joshua (unregistered)

    And to think, I was upset when my bank wouldn't let me use "Bite my shiny metal ass" as a security phrase.

  • kupal (unregistered)

    i don't get it, what's wrong with "beaver" is it a bad word?

    lemme see if it get's filtered out.. Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver...

    Beaver...

    captcha : tacos( just what i need as well :) )

  • (cs)

    Usually the reason for blocking things like this is not to avoid offensiveness, but because SPAM often contains lots of words about sex and sexual body parts.

    But considering that this is, for all intents and purposes, a fricking PASSWORD known only to the user, wtf should they care? This has nothing to do with anything spammable.

  • Schmitter (unregistered)

    "beaver" is filtered, but "password" is probably not.

  • Steve Buscemi (unregistered)

    Because you wouldn't want to offend whoever was attempting to hack your account via the secret question.

  • (cs) in reply to KattMan
    KattMan:
    It is things like this that actually reduce security.

    If I have to make things up like the school mascot or a new spelling for my mother's maiden name because the original is to long, what is the point? I'll never remember it, so instead I have to call in, give them something basic like my account number which any fool can get off of my checkbook. They no longer take SSN because "we can't use that for identification." So now all you need to do is steal someones checkbook, call in and claim you can't recall all those unvalid entries and get access. When they ask what some of them are you answer things like Beaver or Cocky.

    This things should never really be filtered. I mean who are they trying to protect? Who, other then the account holder sees this info? If I'm not offended who else would be? Also please realize that some people really do have last names longer than 10 characters.

    Actually, the way B of A uses these is not as a password, but as a third point of verification.

    If you sign in to their banking page from a computer that you haven't used before, it asks for the username, password, and an answer to a stock question (like high school mascot), before it presents the site key and asks for the password.

    If you use a computer you've used before, it just asks for username and password (and gives you their "site key" before asking for the password, so you can tell if you're connected to the right server and not a phishing site).

    It's assuming at this point that someone may have stolen your username and password, probably through a phishing scam, but that the phishing page probably didn't ask you about the color of your first car, your favorite pet's name, or your high school mascot, which would mean the phisher doesn't have that data, and will thus be blocked from your account.

    If you are signing in from your usual computer (and have signed in from there before), and it does ask for those things, it probably is a phishing site. Of course, their site key solution should prevent you ending up on one of those anyway.

    So, no, it doesn't really decrease security, if you pay attention to how they work. It makes phishing much, much more difficult.

    Also makes it mildly inconvenient when you buy a new computer, or move to a new house, or want to sign in from a friend's computer, etc. But it makes it much harder on phishers. I'll take mild, rare inconvenience for me and much harder for phishers, instead of super-easy for me, and super-easy for phishers.

  • (cs)

    About a mile from where I live, there is a body of water called Beaver Lake. Surrounding this are a number of streets and roads with names like "Beaver Lake Road", "Beaver Lake Ave", "Beaver Road", "Beaver Lake Street" - basically any combination of Street, Road, Lane, etc. that you can combine with Beaver Lake and Beaver. I'd estimate several hundred addresses.

    Also, a quick check of the phonebook reveals that Beaver is actually a real last name, not terribly common, but there's a couple in my phone book (although they appear to be related, based on the addresses).

    Assuming this WTF is even real, what would Bank of America do with these names and addresses?

  • (cs) in reply to kupal

    Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver,

    SNAAAAAAKE!

  • (cs) in reply to bif

    And then there are all those poor slobs who graduated from Beaver College before the people running it finally clued up and changed the name to Arcadia University. Amusingly enough, until sometime in the late 70's or so, it was all-female.

    I hear there's also a Beaver County in western Pennsylvania.

  • derby (unregistered) in reply to BA

    is it me or is my sarcasm detector broken ... how could somebody with the name "Cockey" not know what "Beaver" meant?

  • derby (unregistered) in reply to David C.
    David C.:
    Reminds me of a web filter that blocked my resume as pornographic because it has the phrase "cum laude" on it.

    braggart

  • (cs)

    Of course it's stupid to filter the questions and such. Heck, you should be able to put "how the fuck should I know" as your answer to all the questions, if you really want to. Might be less secure, might be more.

    Anyone doing research into what high school you went to, say, by searching ClassMates.com, might be able to get your mascot, and mother's maiden name is just plain lazy; but nobody is going to guess, "I don't care", as "Mother's Maiden Name", though you could probably remember that answer.

    Try "42" as all of your answers, see if anyone can guess that! (Well, unless your account is being hacked by someone who visits this site, after I post this.)

    Actually, when you consider that most "identity theft" is done by friends and family (just like most murders!), Mother's Maiden Name just becomes, Grandma's Maiden Name, or whatever, and then it's not even guesswork or research. But if Mom's maiden name was "Smith", and you put "Fuck it, who cares", as your answer, nobody will ever guess that.

  • (cs) in reply to Gsquared
    Gsquared:
    KattMan:
    It is things like this that actually reduce security.

    If I have to make things up like the school mascot or a new spelling for my mother's maiden name because the original is to long, what is the point? I'll never remember it, so instead I have to call in, give them something basic like my account number which any fool can get off of my checkbook. They no longer take SSN because "we can't use that for identification." So now all you need to do is steal someones checkbook, call in and claim you can't recall all those unvalid entries and get access. When they ask what some of them are you answer things like Beaver or Cocky.

    This things should never really be filtered. I mean who are they trying to protect? Who, other then the account holder sees this info? If I'm not offended who else would be? Also please realize that some people really do have last names longer than 10 characters.

    Actually, the way B of A uses these is not as a password, but as a third point of verification.

    If you sign in to their banking page from a computer that you haven't used before, it asks for the username, password, and an answer to a stock question (like high school mascot), before it presents the site key and asks for the password.

    If you use a computer you've used before, it just asks for username and password (and gives you their "site key" before asking for the password, so you can tell if you're connected to the right server and not a phishing site).

    It's assuming at this point that someone may have stolen your username and password, probably through a phishing scam, but that the phishing page probably didn't ask you about the color of your first car, your favorite pet's name, or your high school mascot, which would mean the phisher doesn't have that data, and will thus be blocked from your account.

    If you are signing in from your usual computer (and have signed in from there before), and it does ask for those things, it probably is a phishing site. Of course, their site key solution should prevent you ending up on one of those anyway.

    So, no, it doesn't really decrease security, if you pay attention to how they work. It makes phishing much, much more difficult.

    Also makes it mildly inconvenient when you buy a new computer, or move to a new house, or want to sign in from a friend's computer, etc. But it makes it much harder on phishers. I'll take mild, rare inconvenience for me and much harder for phishers, instead of super-easy for me, and super-easy for phishers.

    Actually the "additional security" will be rendered useless. You have to remember we are not talking about clued in users. All a Phisher has to do is sign in to BofA one time to see the questions asked and compose their phishing site to collect that info.

    These are essentially the same as having multiple passwords. On my machine I need one password, on that other machine I need two. There is no difference here.

    The worse part about it is that most people can perform a quick automated public records search and get your mothers maiden name, the college you went to etc, without even having your SSN. So this isn't even info known only to the account holder. If you know what bank they are at, you may know their name and general location of residence. Of course you can try to collect some of this from a phishing scam also.

  • Alan (unregistered)

    Hmmm, kind of like the Scunthorpe Problem.

    I can see why they want to stop obscenity, you may have to give the answer to some tech support person. But barring words with legitimate uses is silly.

  • Nylyst (unregistered)

    DaveAronson: Indeed there is, just north of Alleghany County (Pittsburgh). Even better is the Beaver County Community College sports facility: The Golden Beaver Dome! When I was 17 I went and saw Primus there on the "Tales from the Punch Bowl" tour and they even played Winona's Big Brown Beaver!!

    Gotta love the beaver!

  • (cs)

    Reminds me of the (probably apocryphal) story of all the trouble Scunthorpe town council had when they first implemented an email profanity filter...

    [Edit: dammit! Beaten to it by two posts!]

  • (cs) in reply to The Flaming Yak

    Good thing I use Wachovia. I'd hate to think about what Bank of America would do with my account -- I played baseball for the Calvin Coolidge High School "Motherfucking Assholes."

  • Eduardo Habkost (unregistered) in reply to Gsquared
    Gsquared:
    KattMan:
    It is things like this that actually reduce security.

    If I have to make things up like the school mascot or a new spelling for my mother's maiden name because the original is to long, what is the point? <snip>

    <snip: long explanation about secret answers>

    So, no, it doesn't really decrease security, if you pay attention to how they work. It makes phishing much, much more difficult.

    Uh... I think he was not talking about the secret questions themselves, but about the profanity filter or restrictions such as a limit to the length of the answer, that force you to make things up.

  • (cs) in reply to KattMan
    KattMan:
    Gsquared:
    KattMan:
    It is things like this that actually reduce security.

    If I have to make things up like the school mascot or a new spelling for my mother's maiden name because the original is to long, what is the point? I'll never remember it, so instead I have to call in, give them something basic like my account number which any fool can get off of my checkbook. They no longer take SSN because "we can't use that for identification." So now all you need to do is steal someones checkbook, call in and claim you can't recall all those unvalid entries and get access. When they ask what some of them are you answer things like Beaver or Cocky.

    This things should never really be filtered. I mean who are they trying to protect? Who, other then the account holder sees this info? If I'm not offended who else would be? Also please realize that some people really do have last names longer than 10 characters.

    Actually, the way B of A uses these is not as a password, but as a third point of verification.

    If you sign in to their banking page from a computer that you haven't used before, it asks for the username, password, and an answer to a stock question (like high school mascot), before it presents the site key and asks for the password.

    If you use a computer you've used before, it just asks for username and password (and gives you their "site key" before asking for the password, so you can tell if you're connected to the right server and not a phishing site).

    It's assuming at this point that someone may have stolen your username and password, probably through a phishing scam, but that the phishing page probably didn't ask you about the color of your first car, your favorite pet's name, or your high school mascot, which would mean the phisher doesn't have that data, and will thus be blocked from your account.

    If you are signing in from your usual computer (and have signed in from there before), and it does ask for those things, it probably is a phishing site. Of course, their site key solution should prevent you ending up on one of those anyway.

    So, no, it doesn't really decrease security, if you pay attention to how they work. It makes phishing much, much more difficult.

    Also makes it mildly inconvenient when you buy a new computer, or move to a new house, or want to sign in from a friend's computer, etc. But it makes it much harder on phishers. I'll take mild, rare inconvenience for me and much harder for phishers, instead of super-easy for me, and super-easy for phishers.

    Actually the "additional security" will be rendered useless. You have to remember we are not talking about clued in users. All a Phisher has to do is sign in to BofA one time to see the questions asked and compose their phishing site to collect that info.

    These are essentially the same as having multiple passwords. On my machine I need one password, on that other machine I need two. There is no difference here.

    The worse part about it is that most people can perform a quick automated public records search and get your mothers maiden name, the college you went to etc, without even having your SSN. So this isn't even info known only to the account holder. If you know what bank they are at, you may know their name and general location of residence. Of course you can try to collect some of this from a phishing scam also.

    There's no such thing as total security. Even retinal prints can be faked with the right equipment. The point of all data security is to make it more expensive to get the data than the data is worth.

    This adds to the difficulty/expense. It may not be the best way, but per government reports I read last year, B of A has the best set up of all the online banks in the US. Not good enough, but better than the rest.

    Also, as far as a phishing site collecting that data, that's what their "site key" is meant to prevent. They have to have your user-ID already, and the answers to a dozen personal questions, before they can collect the site key. They have to have the site key before they can collect your password. So, they have to successfully phish you twice, once to get the username and answers to various questions (or at least one), then they have to sign in to your account and get your site key, then they have to phish you again to get your password.

    Anyone who falls for that, will also fall for e-mails that say, "please enter your banking site address, username and password to win a year's supply of free vi@gr@!", or "we need to verify all of your credit cards haven't been stolen, please enter all credit card numbers, expirations dates and CVV numbers in the below form and we will make sure nobody else steals them". So, why phish twice when it's much easier to steal bank account data from total idiots in much easier ways?

  • (cs) in reply to Licky Lindsay

    Not to mention that censorship is the essentially the reason we have this problem to begin with.

    We wouldn't need to use the name of a dam building semi-aquatic mammal for certain part of the female anatomy if it wasn't for stuff like this.

    Also, filters that are wide enough that they also block a common north american animal are obviously to the point of loosing effectiveness.

    Let's see:thesaurus.com:prostitute B-girl, bag, bawd, bimbo, blower, broad, call girl, camp follower, cat, chicken, chippie, concubine, courtesan, fallen woman, floozy, harlot, hooker, hostess, hustler, loose woman, midnight cowboy, model, moll, nymphomaniac, painted woman, party girl, pickup, pink pants, pro, scarlet woman, slut, streetwalker, strumpet, tart, tomato, tramp, trollop, white slave, whore, working girl

    Now, there are a some like 'slut' that more implies 'easy sex' than 'sells sex for money', but wow!

    By the same token if you're trying to eliminate written references to a sex trade worker, you'd have to eliminate at least two animals, a vegetable, a confection, and two legitimate professions.

    And language would still adopt.

  • (cs) in reply to DaveAronson
    DaveAronson:
    > Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, > Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver, Beaver,

    SNAAAAAAKE!

    I laughed. :P

  • (cs) in reply to Gsquared
    Gsquared:
    Also, as far as a phishing site collecting that data, that's what their "site key" is meant to prevent. They have to have your user-ID already, and the answers to a dozen personal questions, before they can collect the site key. They have to have the site key before they can collect your password. So, they have to successfully phish you twice, once to get the username and answers to various questions (or at least one), then they have to sign in to your account and get your site key, then they have to phish you again to get your password.

    I could see it being done very easily with a man in the middle attack. I set up a server that collects your inputs, forwards that information to the legitimate server to get the correct response. The delay is short enought that the average user would merely think 'the internet's slow today', if he even noticed.

    It's better, but still not infallible. It's also annoying.

  • Badger (unregistered) in reply to MattHuntington

    Mushroom Mushroom!

    (that's where I got my name from...)

  • (cs)

    People from some parts of Pennsylvania must have major problems. Imagine this as a security question:

    In what City were you born?

    Blue Balls

  • (cs)

    Good thing their mascot wasn't the Titmouses or the Great Tits or one of their related avian family members.

  • (cs)

    Strumpet is a great word!

    One of my bank sites asked some validation questions, and required a MINIMUM LENGTH for the answer. I think it was six characters.

    My mother's maiden name is shorter than that!

    Some of the questions are useless. Name of first childhood pet? I don't remember. Name of best friend in elementary school? Who knows? I don't remember things like that.

    There were some others that just didn't apply to me. (They also sometimes assume that you are married and/or have kids.)

    It's OK to have a minimum length for a made-up password, but not for the answer to a question. (Favorite color: BLUUUUUE!)

  • nobody (unregistered)

    So that's why the Cleavers no longer use BofA. They got upset when their son's nickname wasn't accepted.

    (For those who don't know old US TV, there was a show called "Leave it to Beaver", where "Beaver" was the nickname of one of the Cleaver boys.)

  • roy (unregistered) in reply to DaveAronson

    Mushroom, Mushroom?

  • Pat (unregistered)

    Why do they care? Honestly. Your secret key should be just that, secret. If somebody who works for BoA is reading those and are offended it really defeats the purpose of having a secret key. Nobody will know or care if the word "pussy" gets md5'd into something like 236070987a6a09a80b0e0c. That's the real WTF.

  • (cs)

    When you call tech support, they have to ask you these questions for verification. Their jobs suck enough. They don't need to put up with stupid BS answers or "How big is my cock?" questions when you can create your own.

  • (cs)

    Hmmm...USC. More often than not the "Game-" part of their mascot is dropped when folks talk about them. Reminds me of another SC school around here - Furman University. Gotta love it when you see one of their folks wandering around town with their college letters boldly printed on a sweatshirt...

    :edit: Also the Wachovia Center in Philadelphia, formerly known as the "First Union Center"...which often had the bank part of the name abbreviated, especially when rivals were in town.

  • (cs) in reply to bif

    The northeast suburbs of Atlanta have a road called "Beaver Ruin Road". I shudder every time I hear it on the traffic reports.

  • Notshakespeare (unregistered)

    Beaver College in PA changed its name to Arcadia for exactly this reason.

  • (cs)

    I live near Philadelphia, nearby, we have Acadia College.

    But that's the NEW name.

    I used to be BEAVER COLLEGE.

    Nothing like a few thousand co-eds running around with BEAVER in giant letters on their sweatshirts.

    It was much better then. I'm betting someone was way too uptight and had a snit and got them to change it.

  • (cs) in reply to twks
    twks:
    People from some parts of Pennsylvania must have major problems. Imagine this as a security question:

    In what City were you born?

    Blue Balls

    It's Blueball, PA.

    Which, incidentally isn't very far up the road from Intercourse. And also near Paradise. Fun road trips. I tell people that if you head down the road for paradise, and don't quite make it as far as Intercourse, that you'll most likely find yourself in Blueball.

  • (cs)

    Here's the big joke around here: http://www.getoffonbigbeaver.com/

    Safe for work.

  • (cs) in reply to DWalker59
    DWalker59:
    Some of the questions are useless. Name of first childhood pet? I don't remember.
    Meanwhile, I do remember the name of my first pet...

    ...unfortunately, it was "PJ", which falls short of pretty much every minimum length I've seen on these things.

    (..."PeeJay"? Except that'd probably get blocked for containing "pee"...)

  • (cs) in reply to unklegwar
    unklegwar:

    It's Blueball, PA.

    Which, incidentally isn't very far up the road from Intercourse. And also near Paradise. Fun road trips. I tell people that if you head down the road for paradise, and don't quite make it as far as Intercourse, that you'll most likely find yourself in Blueball.

    You forgot to mention Bird-in-Hand, PA.

  • (cs) in reply to teedyay
    teedyay:
    Reminds me of the (probably apocryphal) story of all the trouble Scunthorpe town council had when they first implemented an email profanity filter...

    [Edit: dammit! Beaten to it by two posts!]

    I went to Sussex University. I then worked in a school in West Sussex. Both had, at some point or other, banned their own websites.

  • (cs) in reply to unklegwar
    unklegwar:
    I live near Philadelphia, nearby, we have Acadia College.

    It used to be BEAVER COLLEGE.

    I'm betting someone was way too uptight and had a snit and got them to change it.

    There've been a few colleges/cities/etc with this problem. The reason they change their name is because now we have the Internet and parents doing searches on "Beaver College" don't get the kind of results they consider constructive.

  • My Name (unregistered)

    My Dad's passphrase for his Orange mobile phone is "Orange is shit", after having to reregister through the site. Should he ever have to phone customer services, it should be fun.

  • (cs) in reply to unklegwar
    unklegwar:
    I live near Philadelphia, nearby, we have Acadia College.

    But that's the NEW name.

    I used to be BEAVER COLLEGE.

    Nothing like a few thousand co-eds running around with BEAVER in giant letters on their sweatshirts.

    It was much better then. I'm betting someone was way too uptight and had a snit and got them to change it.

    And I bet ten years down the road this incident will lead to Arcadia being a word for the female anatomy.

    An example, Here in Indiana we just had a law passed and go into affect that states that you can no longer use the term "Special Needs" you are now required to say "Gifted". Think about this for a minute, they are legislating language and eventually "Gifted" will gain the same negative connotations as all previous terms.

    Trying to ban all language that will offend will lead to banning all language.

Leave a comment on “Zero Tolerance”

Log In or post as a guest

Replying to comment #:

« Return to Article